Eric Helgeson found that his ISP was redirecting him to merchants using their affiliate links:
> When looking at the URLs a little more closely I noticed fwdsnp was adding affiliate ID’s into the URLs. Did I have some malware that was hijacking my requests? I switched to Google’s DNS and the affiliate IDs were not injected into the URLs. Then I noticed one of the affiliate’s name was Arvig, which happens to be my ISP. Confirmed. It looks like I’m not the only one[1].
Read the article for the ISP response, it’s classic.